CVE-2025-59843

Medium CVSS: 6.9

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.2 or later to eliminate exposure. There are no workarounds for this vulnerability.

Vendor

Flagforge

Product

Flagforge

CWE

CWE-359

Yayın Tarihi

2025-09-26 16:15:49

Güncelleme

2026-01-29 00:16:07

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-359 Flagforge MEDIUM Flagforge 2025

Referanslar

https://github.com/FlagForgeCTF/flagForge/commit/1b033f1b6e20fbf6df422d5d1afc9b2347528ace https://github.com/FlagForgeCTF/flagForge/compare/v2.3.1...v2.3.2 https://github.com/FlagForgeCTF/flagForge/releases/tag/v2.3.1 https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-qqjv-8r5p-7xpj

Benzer Kayıtlar

High

CVE-2026-21868

Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (R…

Critical

CVE-2025-61777

Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/b…

High

CVE-2025-59932

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previo…

Critical

CVE-2025-59841

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application i…

Critical

CVE-2025-59827

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper acc…

High

CVE-2025-59833

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/probl…